package cn.tedu;

import java.sql.*;
import java.util.Scanner;

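/**
 * Console login demo: reads a username and password from standard input and
 * checks them against the {@code user} table with a parameterized query.
 *
 * <p>The point of the demo is the difference between string-built SQL and a
 * {@link PreparedStatement}. With a prepared statement the input is sent as
 * bound values and is never parsed as SQL text.
 */
public class Demo07 {
    /**
     * Prompts for credentials, runs the lookup and prints the outcome.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Not closed on purpose: closing the Scanner would also close System.in.
        Scanner scan = new Scanner(System.in);
        System.out.println("请输入用户名");
        String username = scan.nextLine();
        System.out.println("请输入密码");
        String password = scan.nextLine();

        // Earlier, injection-prone version, kept for comparison only. It spliced the
        // raw input into the SQL text, so quote characters in either field could
        // change the structure of the query:
        //   Statement s = conn.createStatement();
        //   String sql = "select count(*) from user where username='"+username+"' and password='"+password+"'";
        //   ResultSet rs = s.executeQuery(sql);

        // Placeholders keep the statement text constant; the driver binds the values.
        String sql = "select count(*) from user where username=? and password=?";

        // NOTE(review): comparing the raw password inside the query implies the table
        // stores passwords in plaintext. Outside a demo, store a salted password hash
        // (bcrypt/scrypt/argon2), select it by username and verify it in application code.

        // Connection and statement are both declared as resources so they are closed
        // on every path; the original never closed the statement or the result set.
        try (Connection conn = DBUtils.getConn();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            // Bind the two ? placeholders (1-based).
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                // Advance the cursor to the first row; if there is none, treat it as
                // no match instead of reading from an unpositioned cursor.
                int count = rs.next() ? rs.getInt(1) : 0;
                if (count > 0) {
                    System.out.println("登陆成功!");
                } else {
                    // One message for both wrong username and wrong password, so the
                    // output does not reveal which usernames exist.
                    System.out.println("用户名或密码错误!");
                }
            }
        } catch (SQLException e) {
            // Acceptable for a console demo; an application should log this and show
            // the user a generic failure, since the trace can expose schema and driver details.
            e.printStackTrace();
        }
    }
}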
